---
title: 'Introduction to developing in Prowler'
---

Thanks for your interest in contributing to Prowler!

Prowler can be extended in various ways. This guide provides the different ways to contribute and how to get started.

## Contributing to Prowler

### Review Current Issues
Check out our [GitHub Issues](https://github.com/prowler-cloud/prowler/issues) page for ideas to contribute.
<Columns cols={2}>
  <Card title="Good First Issue" icon="github" href="https://github.com/prowler-cloud/prowler/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20label%3A%22good%20first%20issue%22">
    We tag issues as `good first issue` for new contributors. These are typically well-defined and manageable in scope.
  </Card>
  <Card title="Help Wanted" icon="github" href="https://github.com/prowler-cloud/prowler/issues?q=sort%3Aupdated-desc%20is%3Aissue%20is%3Aopen%20label%3A%22help%20wanted%22">
    We tag issues as `help wanted` for other issues that require more time to complete.
  </Card>
</Columns>

### Expand Prowler's Capabilities
Prowler is constantly evolving. Contributions to checks, services, or integrations help improve the tool for everyone. Here is how to get involved:

<Columns cols={2}>
  <Card title="Adding New Checks" icon="shield" href="/developer-guide/checks">
    Want to improve Prowler's detection capabilities for your favorite cloud provider? You can contribute by writing new checks.
  </Card>
  <Card title="Adding New Services" icon="server" href="/developer-guide/services">
    One key service for your favorite cloud provider is missing? Add it to Prowler! Do not forget to include relevant checks to validate functionality.
  </Card>
  <Card title="Adding New Providers" icon="cloud" href="/developer-guide/provider">
    If you would like to extend Prowler to work with a new cloud provider, this typically involves setting up new services and checks to ensure compatibility.
  </Card>
  <Card title="Adding New Output Formats" icon="file" href="/developer-guide/outputs">
    Want to tailor how results are displayed or exported? You can add custom output formats.
  </Card>
  <Card title="Adding New Integrations" icon="link" href="/developer-guide/integrations">
    Prowler can work with other tools and platforms through integrations.
  </Card>
  <Card title="Proposing or Implementing Features" icon="lightbulb" href="https://github.com/prowler-cloud/prowler/issues/new?template=feature-request.yml">
    Propose brand-new features or enhancements to existing ones, or help implement community-requested improvements.
  </Card>
</Columns>

### Improve Documentation
Help make Prowler more accessible by enhancing our documentation, fixing typos, or adding examples/tutorials.

<Columns cols={2}>
  <Card title="Documentation Guide" icon="book" href="/developer-guide/documentation">
    Enhance our documentation, fix typos, or add examples/tutorials.
  </Card>
</Columns>

### Bug Fixes
If you find any issues or bugs, you can report them in the [GitHub Issues](https://github.com/prowler-cloud/prowler/issues) page and if you want you can also fix them.

<Columns cols={2}>
  <Card title="Report a Bug" icon="bug" href="https://github.com/prowler-cloud/prowler/issues/new?template=bug_report.yml">
    Report or fix issues or bugs.
  </Card>
</Columns>

Remember, our community is here to help! If you need guidance, do not hesitate to ask questions in the issues or join our [<Icon icon="slack" /> Slack workspace](https://goto.prowler.com/slack).



## Setting up your development environment

### Prerequisites

Before proceeding, ensure the following:

- Git is installed.
- Python 3.9 or higher is installed.
- `poetry` is installed to manage dependencies.

### Forking the Prowler Repository

Fork the Prowler GitHub repository to contribute to Prowler. This allows proposing changes, submitting new features, and fixing bugs. For guidance on forking, refer to the [official GitHub documentation](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/fork-a-repo?tool=webui#forking-a-repository).

### Cloning Your Forked Repository

Once your fork is created, clone it using the following commands (replace `<your-github-user>` with your GitHub username):

```
git clone https://github.com/<your-github-user>/prowler
cd prowler
```

### Dependency Management and Environment Isolation

To prevent conflicts between environments, we recommend using `poetry`, a Python dependency management solution. Install it by following the [instructions](https://python-poetry.org/docs/#installation).

### Installing Dependencies

To install all required dependencies, including those needed for development, run:

```
poetry install --with dev
eval $(poetry env activate)
```

<Warning>
Starting from Poetry v2.0.0, `poetry shell` has been deprecated in favor of `poetry env activate`.
If your poetry version is below 2.0.0 you must keep using `poetry shell` to activate your environment.
In case you have any doubts, consult the [Poetry environment activation guide](https://python-poetry.org/docs/managing-environments/#activating-the-environment).

</Warning>


### Pre-Commit Hooks

This repository uses Git pre-commit hooks managed by the [pre-commit](https://pre-commit.com/) tool, it is installed with `poetry install --with dev`. Next, run the following command in the root of this repository:

```shell
pre-commit install
```

Successful installation should produce the following output:

```shell
pre-commit installed at .git/hooks/pre-commit
```

### Code Quality and Security Checks

Before merging pull requests, several automated checks and utilities ensure code security and updated dependencies:

<Note>
These should have been already installed if `poetry install --with dev` was already run.

</Note>
- [`bandit`](https://pypi.org/project/bandit/) for code security review.
- [`safety`](https://pypi.org/project/safety/) and [`dependabot`](https://github.com/features/security) for dependencies.
- [`hadolint`](https://github.com/hadolint/hadolint) and [`dockle`](https://github.com/goodwithtech/dockle) for container security.
- [`Snyk`](https://docs.snyk.io/integrations/snyk-container-integrations/container-security-with-docker-hub-integration) for container security in Docker Hub.
- [`clair`](https://github.com/quay/clair) for container security in Amazon ECR.
- [`vulture`](https://pypi.org/project/vulture/), [`flake8`](https://pypi.org/project/flake8/), [`black`](https://pypi.org/project/black/), and [`pylint`](https://pypi.org/project/pylint/) for formatting and best practices.

Additionally, ensure the latest version of [`TruffleHog`](https://github.com/trufflesecurity/trufflehog) is installed to scan for sensitive data in the code. Follow the official [installation guide](https://github.com/trufflesecurity/trufflehog?tab=readme-ov-file#floppy_disk-installation) for setup.

### AI-Driven Contributions

If you are using AI assistants to help with your contributions, Prowler provides specialized resources to enhance AI-driven development:

- **Prowler MCP Server**: The [Prowler MCP Server](/getting-started/products/prowler-mcp) provides AI assistants with access to the entire Prowler ecosystem, including security checks, compliance frameworks, documentation, and more. This enables AI tools to better understand Prowler's architecture and help you create contributions that align with project standards.

- **AGENTS.md Files**: Each component of the Prowler monorepo includes an `AGENTS.md` file that contains specific guidelines for AI agents working on that component. These files provide context about project structure, coding standards, and best practices. When working on a specific component, refer to the relevant `AGENTS.md` file (e.g., `prowler/AGENTS.md`, `ui/AGENTS.md`, `api/AGENTS.md`) to ensure your AI assistant follows the appropriate guidelines.

These resources help ensure that AI-assisted contributions maintain consistency with Prowler's codebase and development practices.

### Dependency Management

All dependencies are listed in the `pyproject.toml` file.

For proper code documentation, refer to the following and follow the code documentation practices presented there: [Google Python Style Guide - Comments and Docstrings](https://github.com/google/styleguide/blob/gh-pages/pyguide.md#38-comments-and-docstrings).

<Note>
If you encounter issues when committing to the Prowler repository, use the `--no-verify` flag with the `git commit` command.

</Note>
### Repository Folder Structure

The Prowler codebase layout helps quickly locate where to add new features, checks, or integrations. The following is a high-level overview from the root of the repository:

```
prowler/
├── prowler/           # Main source code for Prowler SDK (CLI, providers, services, checks, compliances, config, etc.)
├── api/               # API server and related code
├── dashboard/         # Local Dashboard extracted from the CLI output
├── ui/                # Web UI components
├── util/              # Utility scripts and helpers
├── tests/             # Prowler SDK test suite
├── docs/              # Documentation, including this guide
├── examples/          # Example output formats for providers and scripts
├── permissions/       # Permission-related files and policies
├── contrib/           # Community-contributed scripts or modules
├── kubernetes/        # Kubernetes deployment files
├── .github/           # GitHub-related files (workflows, issue templates, etc.)
├── pyproject.toml     # Python project configuration (Poetry)
├── poetry.lock        # Poetry lock file
├── README.md          # Project overview and getting started
├── Makefile           # Common development commands
├── Dockerfile         # SDK Docker container
├── docker-compose.yml # Prowler App Docker compose
└── ...                # Other supporting files
```

## Sending the Pull Request

When creating or reviewing a pull request in <Icon icon="github" /> [Prowler](https://github.com/prowler-cloud/prowler), follow [this template](https://github.com/prowler-cloud/prowler/blob/master/.github/pull_request_template.md) and fill it with the relevant information:

- **Context** and **Description** of the change: This will help the reviewers to understand the change and the purpose of the pull request.
- **Steps to review**: A detailed description of how to review the change.
- **Checklist**: A mandatory checklist of the things that should be reviewed before merging the pull request.

## Contribution Appreciation

If you enjoy swag, we'd love to thank you for your contribution with laptop stickers or other Prowler merchandise!

To request swag: Share your pull request details in our [Slack workspace](https://goto.prowler.com/slack).

You can also reach out to Toni de la Fuente on [Twitter](https://twitter.com/ToniBlyx)—his DMs are open!

## Testing a Pull Request from a Specific Branch

To test Prowler from a specific branch (for example, to try out changes from a pull request before it is merged), you can use `pipx` to install directly from GitHub:

```sh
pipx install "git+https://github.com/prowler-cloud/prowler.git@branch-name"
```

Replace `branch-name` with the name of the branch you want to test. This will install Prowler in an isolated environment, allowing you to try out the changes safely.

For more details on testing go to the [Testing section](/developer-guide/unit-testing) of this documentation.